FrontPage 2000 Exposes Windows 2000 Accounts

Reported April 21, 2000 by Paul Rogers
  • FrontPage 2000 Extensions for Internet Information Server 5.0


When a valid FrontPage user connects to a remote Web using a FrontPage client, that user can obtain a list of account names.

This particular security risk first appeared under NT 4.0, IIS 4.0, and FrontPage 98, and was apparently carried over to the new platform unchecked. The workaround information for the NT 4.0 platform does not work on Windows 2000 platforms.


Open FrontPage 2000, connect to your remote Web, then click Tools, Security, Permissions, and then Add on the Users tab. A list of accounts on the remote server will be displayed.


According to BugNet, Microsoft is working on a patch for the matter; however, at the time of this writing it was not known when the patch would become available.

Discovered and reported by Paul Rogers